/* @(#)84       1.7  src/security/idl/sec_rgy_attr.idl, security.src, os2dce21.dss, 960602a.1  5/17/95  09:50:44 */
/*
 * COMPONENT_NAME:  security.src
 *
 * FUNCTIONS:
 *
 * ORIGINS: 72
 *
 */
/*
 * Copyright (c) 1990, 1991, 1992, 1993, 1994 Open Software Foundation, Inc.
 * ALL RIGHTS RESERVED (DCE).  See the file named COPYRIGHT.DCE for
 * the full copyright text.
 */
/*
 * HISTORY
 * $Log: sec_rgy_attr.idl,v $
 * Revision 1.1.4.1  1994/10/17  17:01:46  mob
 * 	Fix for OT 11951 - idl files contain wrong information.
 * 	[1994/10/14  19:07:32  mob]
 *
 * Revision 1.1.2.3  1994/08/04  16:13:04  mdf
 * 	Hewlett Packard Security Code Drop
 * 	[1994/07/26  19:10:07  mdf]
 * 
 * Revision 1.1.2.2  1994/06/17  18:42:35  devsrc
 * 	cr10872 - fix copyright
 * 	[1994/06/17  18:10:41  devsrc]
 * 
 * Revision 1.1.2.1  1994/03/02  17:55:30  hanfei
 * 	Initial ERA drop
 * 	[1994/02/18  19:19:59  hanfei]
 * 
 * $EndLog$
 */
/*
** Copyright (c) Hewlett-Packard Company 1993, 1994
** Unpublished work. All Rights Reserved.
**
**      Attributes Manipulation Interface
**
**
*/

[
    local
]

interface sec_rgy_attr {

    import "dce/rgybase.idl";
    import "dce/sec_attr_base.idl";

    /*
     * Private Datatypes for the attribute manipulation interface
     */

    /*
     * ATTRIBUTE OPERATIONS
     */

    /* s e c _ r g y _ a t t r _ c u r s o r _ i n i t
     *
     * Initialize a scan cursor which must be released
     * with sec_rgy_attr_cursor_release.
     * This is a remote operation that is used *instead of*
     * the local sec_rgy_attr_cursor_alloc.
     * Either sec_rgy_attr_cursor_init or sec_rgy_attr_cursor_alloc
     * must be used to alloc a cursor for use in lookup operations.
     *
     *	In Parameters:
     *		name_domain - the domain in which the named object resides.
     *		name - identifies the registry object on which
     *			to perform this operation.
     *		
     *	Out Parameters:
     *		cur_num_attrs - the current total number of attributes
     *			attached to this object at the time of this call.
     *		cursor - cursor initialized to the first in the
     *			list of attributes on this object.
     *
     *	Errors:
     *		No such object
     */

    void sec_rgy_attr_cursor_init (
	[in]	sec_rgy_handle_t	context,
	[in]	sec_rgy_domain_t	name_domain,
	[in]	sec_rgy_name_t		name,
	[out]	unsigned32		*cur_num_attrs,
	[out]	sec_attr_cursor_t	*cursor,
	[out]	error_status_t		*st_p
	);


    /* s e c _ r g y _ a t t r _ c u r s o r _ a l l o c
     *
     * Allocate a scan cursor which must be released
     * with sec_rgy_attr_cursor_release.
     * This is a local operation that is used *instead of*
     * the remote sec_rgy_attr_cursor_init.
     * Either sec_rgy_attr_cursor_init or sec_rgy_attr_cursor_alloc
     * must be used to allocate a cursor for use in lookup operations.
     *
     *	Out Parameters:
     *		cursor - cursor initialized to the first in the
     *			list of attributes on this object.
     *
     *	Errors:
     *		No such object
     */

    void sec_rgy_attr_cursor_alloc (
	[out]	sec_attr_cursor_t	*cursor,
	[out]	error_status_t		*st_p
	);


    /* s e c _ r g y _ a t t r _ c u r s o r _ r e s e t
     *
     * Reset a cursor that has been allocated with 
     * either sec_rgy_attr_cursor_init or sec_rgy_attr_cursor_alloc
     * so that it may be used to process a new query.
     * This allows the caller to reuse a curser instead of
     * releasing and re-allocating. 
     * 
     * This is a local operation.
     *
     *	Out Parameters:
     *		cursor - cursor initialized to the first in the
     *			list of attributes on this object.
     *
     */
    void sec_rgy_attr_cursor_reset (
	[in, out]	sec_attr_cursor_t	*cursor,
	[out]		error_status_t		*st_p
	);


    /* s e c _ r g y _ a t t r _ c u r s o r _ r e l e a s e
     *
     * Release any state associated with a scan cursor allocated
     * with either sec_rgy_attr_cursor_init or sec_rgy_attr_cursor_alloc.
     * This is a local-only operation.
     *	In/Out Parameters:
     *		cursor - in: initialized cursor;
     *			 out: uninitialized cursor with resources released
     */

    void sec_rgy_attr_cursor_release (
        [in, out]   sec_attr_cursor_t	*cursor,
        [out]       error_status_t	*st_p
    );


    /* s e c _ r g y _ a t t r _ l o o k u p _ b y _ i d
     *
     * Read attribute(s) by ID.  Useful for programmatic access.
     * If the number of query attribute keys (num_attr_keys)
     * is 0, this function will return all attributes that
     * the caller is authorized to see.
     *
     * Multi-valued attributes:
     * Multi-valued attributes are returned as independent attribute
     * instances sharing the same attribute id.
     *
     * Attribute Sets:
     * Reads of an attribute set return all instances of members 
     * of that set.  The attribute set instance will not be returned.
     *
     * Triggers:
     * If a requested attribute type is associated with a query
     * trigger, that attr_key will be passed as input to the 
     * sec_attr_trig_query operation and the output of that call
     * will be included in the output attrs array.  
     * Warning: if num_attr_keys is zero (i.e., return all attributes)
     * and an attribute is associated with a query trigger, 
     * the trigger will be called with no input attribute
     * information (that would normally have been passed in via the
     * attr_key value field).
     *
     * The list cursor is used to establish the point
     * in the attribute list from which the server should start
     * processing the query.  
     * Either sec_rgy_attr_cursor_init or sec_rgy_attr_cursor_alloc
     * must be used to allocate a cursor for use in lookup operations.
     * If the list cursor parameter is allocated, but
     * uninitialized, the server will begin processing the query with the
     * first attribute that satisfies the search criteria.
     *
     * If the output parameter num_left is larger than 0, then the
     * output buffer supplied was not big enough.  Num_left is a hint
     * at the number of attributes that were not possible to return
     * due to space constraints.  This number may be inaccurate if
     * the server allows updates between succesive query calls.
     *
     *	In Parameters:
     *		name_domain - the domain in which the named object resides.
     *		name - identifies the registry object on which
     *			to perform this operation.
     *		num_attr_keys - specifies the number of elements in the
     *			input attr_keys array.
     *		space_avail - specifies the size of the output attrs array.
     *		attr_keys - in the attr_id field of each element, contains
     *			the attribute type id of the attribute instance(s)
     *			requested by this lookup. If the requested attribute
     *			type is associated with a query trigger, the attr_val
     *			field may be used to pass in optional information 
     *			required by the trigger query. If no information is
     *			to be passed in the attr_val field (whether the type
     *			indicates a trigger query or not), the attr_val
     *			encoding type should be set to
     *			sec_rgy_attr_enc_void.
     *			
     *	In/Out Parameters:
     *		cursor - in: initialized cursor; 
     *			out: cursor advanced past attributes returned
     *			in this call.
     *
     *	Out Parameters:
     *		num_returned - specifies the number of attribute instances
     *			returned in the attrs array.
     *		attrs - contains the attributes retrieved by id.
     *		num_left - hints at the number of attributes matching the
     *			search criteria that could not be returned due to
     *			space contraints in the attrs buffer.
     *
     * Warnings:
     *		Not_all_available       Not all of the requested attributes
     *                           	were available.
     *
     * Errors:
     *		Unauthorized
     *		Registry Server Unavailable
     *		Trigger Server Unavailable
     */
     
    void sec_rgy_attr_lookup_by_id (
	[in]		sec_rgy_handle_t	context,
	[in]		sec_rgy_domain_t	name_domain,
	[in]		sec_rgy_name_t		name,
	[in, out]	sec_attr_cursor_t  	*cursor,
	[in]		unsigned32		num_attr_keys,
	[in]		unsigned32		space_avail,
	[in, size_is(num_attr_keys)]	
			sec_attr_t		attr_keys[],
	[out]		unsigned32		*num_returned,
	[out, size_is(space_avail), length_is(*num_returned)]
			sec_attr_t		attrs[],
	[out]		unsigned32		*num_left,
	[out]		error_status_t		*st_p
	);
     

    /* s e c _ r g y _ a t t r _ l o o k u p _ n o _ e x p a n d
     *
     * Read attributes by ID without expanding attribute sets
     * to their constituent member attributes.  Useful for
     * reading the value (list of member attribute type uuids) 
     * of an attribute with encoding type attr_set.
     * If the number of query attribute keys (num_attr_keys)
     * is 0, this function will return all attributes that
     * the caller is authorized to see.
     *
     * Multi-instanced attributes:
     * Multi-instanced attributes are returned as independent attribute
     * instances sharing the same attribute type uuid.
     * To learn the exact number of instances in a given multi-instanced
     * attribute, call this operation with only a single query id.
     * The num_returned plus the num_left will specify the total
     * number of instances for that attribute type.
     *
     * Attribute Sets:
     * Attribute sets are not expanded in this operation.
     * If an attribute set is requested on the lookup, only the 
     * attribute set instances (no member instances) are returned.
     *
     * Triggers:
     * If the requested attribute type is associated with a query
     * trigger, the value returned for the attribute will be the
     * binding (as set in the schema entry) of the trigger server.
     * The caller must bind to the trigger server and pass the
     * original input query attribute to the sec_attr_trig_query call
     * in order to retrieve the attribute value.
     *
     * The list cursor is used to establish the point
     * in the attribute list from which the server should start
     * processing the query.  List cursors should be initialized with
     * the cursor_init function.  If the list cursor parameter is
     * uninitialized, the server will begin processing the query with the
     * first attribute that satisfies the search criteria.
     *
     * If the output parameter num_left is larger than 0, then the
     * output buffer supplied was not big enough.  Num_left is a hint
     * at the number of attribute sets that were not possible to return
     * due to space constraints.  This number may be inaccurate if
     * the server allows updates between succesive query calls.
     *
     *    In Parameters:
     *		name_domain - the domain in which the named object resides.
     *		name - identifies the registry object on which
     *			to perform this operation.
     *		num_attr_keys - specifies the number of elements in the
     *			input attr_keys array.
     *		space_avail - specifies the size of the output attrs array.
     *		attr_keys - in the attr_id field of each element, contains
     *			the attribute type id of the attribute set instance(s)
     *			requested by this lookup. If the requested attribute
     *			type is associated with a query trigger, the attr_val
     *			field may be used to pass in optional information 
     *			required by the trigger query. If no information is
     *			to be passed in the attr_val field (whether the type
     *			indicates a trigger query or not), the attr_val
     *			encoding type should be set to
     *			sec_rgy_attr_enc_void.
     *			
     *    In/Out Parameters:
     *        cursor - in: initialized or uninitialized cursor; 
     *            out: cursor advanced past attributes returned
     *            in this call.
     *
     *    Out Parameters:
     *        num_returned - specifies the number of attribute
     *            instances returned in the attrs array.
     *        attrs - contains the attributes retrieved by id.
     *        num_left - hints at the number of attributes matching the
     *            search criteria that could not be returned due to
     *            space contraints in the attrs buffer.
     *
     * Errors:
     *		Unauthorized
     *		Registry Server Unavailable
     *		Invalid/Unsupported attribute type
     */
     
    void sec_rgy_attr_lookup_no_expand (
	[in]		sec_rgy_handle_t	context,
	[in]		sec_rgy_domain_t	name_domain,
	[in]		sec_rgy_name_t		name,
	[in, out]	sec_attr_cursor_t	*cursor,
	[in]		unsigned32		num_attr_keys,
	[in]		unsigned32		space_avail,
	[in, size_is(num_attr_keys)]	
			sec_attr_t		attr_keys[],
	[out]		unsigned32		*num_returned,
	[out, size_is(space_avail), length_is(*num_returned)]
			sec_attr_t		attr_sets[],
	[out]		unsigned32		*num_left,
	[out]		error_status_t		*st_p
	);
          

    /* s e c _ r g y _ a t t r _ l o o k u p _ b y _ n a m e
     *
     * Read one attribute by name.  Useful for an interactive editor.
     *
     * Multi-valued attributes:
     * If more than one instance of the named attribute exists on this
     * object, the "more_available" warning status code will be 
     * returned.  This status indicates the caller should 
     * resubmit the request to sec_rgy_attr_lookup_by_id using the
     * attr_id returned by this call, in order to retrieve every
     * instance of this attribute.
     *
     * Attribute Sets;
     * If attr_name identifies an attribute set, the attribute set
     * instance, not a member instance, will be returned with the
     * warning status code "attribute_set_instance."  In order to
     * retrieve the members of this set, the caller should resubmit
     * the request to sec_rgy_attr_lookup_by_id using 
     * the attribute set's attr_id returned by this call.
     *
     * Triggers:
     * Warning: this operation does not provide for input data
     * to a trigger query operation.  If the named attribute is
     * associated with a query trigger, the trigger will be called 
     * with no input attribute value information.
     *
     *	In Parameters:
     *		name_domain - the domain in which the named object resides.
     *		name - identifies the registry object on which
     *			to perform this operation.
     *		attr_name - the name of the attribute type to be retrieved.
     *
     *	Out Parameters:
     *		attr - the first attribute instance of the named type.
     *
     * Warnings:
     *		More Available - Named attribute was a multi-valued
     *				 attribute.
     *		Attribute Set Instance - returned attribute has encoding
     *				 type attr_set.
     *
     * Errors:
     *		Unauthorized
     *		Registry Server Unavailable
     *		Trigger Server Unavailable
     */

    void sec_rgy_attr_lookup_by_name (
	[in]		sec_rgy_handle_t	context,
	[in]		sec_rgy_domain_t	name_domain,
	[in]		sec_rgy_name_t		name,
	[in, string]	char			*attr_name,
	[out]		sec_attr_t		*attr,
	[out]		error_status_t		*st_p
	);
               

    /* s e c _ r g y _ a t t r _ u p d a t e
     *
     * Write/Create an attribute.  This is an atomic operation.  All
     * attributes are written/created or none are modified.
     *
     * If an attribute instance already exists which is identical
     * in both type and value to an input attribute, the
     * "instance already exists" error is returned.
     * 
     * The first attribute causing the update to fail is identified in
     * "failure_index".  If the failure cannot be attributed to a
     * given attribute, then -1 is returned in the failure index.
     *
     * Multi-valued Attributes:
     * If the schema entry for a given attribute specifies that
     * multi-valued attributes are not allowed AND an instance of
     * that attribute type already exists on the object, the instance
     * is overwritten with the new attribute.  If multi-valued attributes
     * are allowed, a new instance is created without modification to
     * the already-present instance.
     *
     * Attribute Sets:
     * This operation may be used to update attribute set instances.
     * No expansion of a set to its members occurs on update operations.
     *
     * Triggers:
     * If an input attribute is associated with an update trigger,
     * the trigger will be invoked with the input attr array and
     * the output attributes from the update trigger will be stored
     * in the ERA database and returned in the out_attrs array.
     *
     *	In Parameters:
     *		name_domain - the domain in which the named object resides.
     *		name - identifies the registry object on which
     *			to perform this operation.
     *		num_to_write - specifies the number of attributes in
     *			the attrs array.
     *		space_avail - specifies the size of the out_attrs array.
     *			Set this to zero if final output values are not 
     *			desired.
     *		in_attrs - contains the attribute instances to be written.
     *
     *	Out Parameters:
     *		num_returned - specifies the number of attribute
     *			instances returned in the out_attrs array.
     *		out_attrs - contains the final output attributes that were
     *			stored in the attribute database. These will only
     *			be different from the in_attrs if one or more
     *			update triggers were invoked.
     *		num_left - hints at the number of output attributes
     *			remaining that could not be returned due to 
     *			space limitations in out_attrs.  This operation
     *			should be retried with a larger out_attrs array.
     *		failure_index - in an error case, contains the index
     *			of the element in in_attrs[] that caused the update to
     *			fail, or -1 if the failure cannot be attributed to
     *			a given attribute.
     *
     * Errors:
     *		Unauthorized
     *		Database read only
     *		Server unavailable
     *		Invalid/Unsupported attribute type
     *		Invalid encoding type
     *		Value not unique
     *		Attribute instance already exists
     *		Trigger server unavailable
     *		Site read only
     */
     
    void sec_rgy_attr_update (
	[in]	sec_rgy_handle_t	context,
	[in]	sec_rgy_domain_t	name_domain,
	[in]	sec_rgy_name_t		name,
	[in]	unsigned32		num_to_write,
	[in]	unsigned32		space_avail,
	[in, size_is(num_to_write)]
		sec_attr_t		attrs[],
	[out]	unsigned32		*num_returned,
	[out, size_is(space_avail), length_is(*num_returned)]
		sec_attr_t		out_attrs[],
	[out]	unsigned32		*num_left,
	[out]	signed32		*failure_index,
	[out]	error_status_t		*st_p
	);
     

    /* s e c _ r g y _ a t t r _ t e s t _ a n d _ u p d a t e
     *
     * Update attributes if a set of control attributes retain
     * specified values.  This is an atomic operation - if any of the
     * test values do not match, then none of the updates are
     * performed.  If the update should be performed, but the write
     * cannot occur to any member of the update set, the entire
     * update fails and the problematic attribute is identified in
     * the output failure index.  If the update fails and cannot be
     * attributed to a given update attribute, -1 is returned as the
     * failure index.
     *
     * Multi-valued Attributes:
     * Multi-valued attribute updates are handled as in
     * sec_rgy_attr_update.
     *
     * Attribute Sets:
     * Attribute set updates are handled as in sec_rgy_attr_update.
     *
     * Triggers:
     * Update triggers are handled as in sec_rgy_attr_update.
     *
     * Matching rules are based on exact matches of each primitive
     * datatype.
     *	In Parameters:
     *		name_domain - the domain in which the named object resides.
     *		name - identifies the registry object on which
     *			to perform this operation.
     *		num_to_test - specifies the number of control attributes
     *			in the test_attrs array.
     *		test_attrs - contains control attributes, whose types and
     *			values must exactly match those of instances on the
     *			registry object in order for the update to take place.
     *		num_to_write - specifies the number of attributes in
     *			the update_attrs array.
     *		update_attrs - contains the attribute instances to be
     *			written.
     *
     *	Out Parameters:
     *		failure_index - in an error case, contains the index
     *			of the element in update_attrs that caused the update
     *			to fail, or -1 if the failure cannot be attributed to
     *			a given attribute.
     *
     * Errors:
     *		Control attribute has changed
     *		Unauthorized
     *		Database read only
     *		Server unavailable
     *		Invalid/Unsupported attribute type
     *		Invalid encoding type
     *		Value not unique
     *		Trigger server unavailable
     *		Site read only
     */
               
    void sec_rgy_attr_test_and_update (
	[in]	sec_rgy_handle_t	context,
	[in]	sec_rgy_domain_t	name_domain,
	[in]	sec_rgy_name_t		name,
	[in]	unsigned32		num_to_test,
	[in, size_is(num_to_test)]
		sec_attr_t		test_attrs[],
	[in]	unsigned32		num_to_write,
	[in, size_is(num_to_write)]
		sec_attr_t		update_attrs[],
	[out]	signed32		*failure_index,
	[out]	error_status_t		*st_p
	);
               

    /* s e c _ r g y _ a t t r _ d e l e t e
     *
     * Delete attribute(s).  This is an atomic operation.  All
     * attributes are deleted or none are modified.  The first
     * attribute causing the delete to fail is identified in
     * "failure_index".  If the failure cannot be attributed to a
     * given attribute, then -1 is returned in the failure index.
     * A failure does not occur if the attribute to be deleted 
     * doesn't exist in the first place.
     *
     * An attribute to be deleted may be identified only by its type
     * uuid (the value encoding type is set to sec_attr_enc_void).
     * This operation deletes every attribute instance of the input
     * type.  The input value of the attribute is ignored.
     *
     * Multi-valued Attributes:
     * If an input attribute contains a type uuid with no value AND
     * that type uuid identifies a multi-valued attribute,
     * all instances of that attribute type are deleted.
     * To perform a delete of just one instance of a multi-valued
     * attribute, use sec_rgy_attr_update() instead.
     *
     * Attribute Sets:
     * Delete of an attribute with encoding type "attr_set" will
     * delete the attr_set instance and NOT the attributes which
     * are members of the set.
     *
     * Triggers:
     * There is no trigger associated with the delete operation.
     *
     *	In Parameters:
     *		name_domain - the domain in which the named object resides.
     *		name - identifies the registry object on which
     *			to perform this operation.
     *		num_to_delete - specifies the number of attributes
     *			in the attrs array.
     *		attrs - contains the attributes to be deleted. 
     *			Every attribute instance of this type will be deleted.
     *			If the type alone is enough to unambiguously 
     *			identify the attribute to be deleted, set the
     *			attribute value encoding type to sec_attr_enc_void.
     *
     *	Out Parameters:
     *		failure_index - in an error case, contains the index
     *			of the element in attr_id[] that caused the delete
     *			to fail, or -1 if the failure cannot be attributed to
     *			a given attribute type.
     *
     * Errors:
     *		Unauthorized
     *		Database read only
     *		Server unavailable
     *		Invalid/Unsupported attribute type
     *		Site read only
     */
     
    void sec_rgy_attr_delete (
	[in]	sec_rgy_handle_t	context,
	[in]	sec_rgy_domain_t	name_domain,
	[in]	sec_rgy_name_t		name,
	[in]	unsigned32		num_to_delete,
	[in, size_is(num_to_delete)]
		sec_attr_t		attrs[],
	[out]	signed32		*failure_index,
	[out]	error_status_t		*st_p
	);


    /* s e c _ r g y _ a t t r _ g e t _ e f f e c t i v e
     *
     * Read the "effective" attributes by id.  The server
     * allocates a buffer large enough to return ALL the
     * requested attributes so that subsequent calls are
     * not necessary.
     *
     * By "effective," the following "inheritance" mechanism
     * is implied:
     * A. If the object identified by "component_name" possesses instances
     * of the requested attribute type, return them; else, do B.
     * B. If the schema_entry for the requested attribute type
     * does not have the "apply_defaults" flag set, no 
     * attribute inheritance should take place, so return with no
     * attributes of this type.  If the "apply_defaults"
     * flag *is* set, do C.
     * C. If the object is a principal associated with an account,
     * do D; otherwise, do E.
     * D. If the org associated with the principal's account
     * possesses instances of the requested attribute type, return
     * them; otherwise do E.
     * E. If the policy object possesses instances of the requested
     * attribute type, return them; otherwise, no instances of
     * this type will be returned.
     *
     * If the number of query attribute keys (num_attr_keys)
     * is 0, this function will return all attributes that
     * the caller is authorized to see.
     *
     * Multi-instanced attributes:
     * Multi-instanced attributes are returned as independent attribute
     * instances sharing the same attribute type uuid.
     * To learn the exact number of instances in a given multi-instanced
     * attribute, call this operation with only a single query id.
     * The num_returned plus the num_left will specify the total
     * number of instances for that attribute type.
     *
     * Attribute Sets:
     * Reads of an attribute set return all instances of members 
     * of that set.  The attribute set instance will not be returned.
     *
     * Triggers:
     * If the requested attribute type is associated with a query
     * trigger, the value returned for the attribute will be the
     * binding (as set in the schema entry) of the trigger server.
     * The caller must bind to the trigger server and pass the
     * original input query attribute to the sec_attr_trig_query call
     * in order to retrieve the attribute value.
     *
     *    In Parameters:
     *		name_domain - the domain in which the named object resides.
     *		name - identifies the registry object on which
     *			to perform this operation.
     *		num_attr_keys - specifies the number of elements in the
     *            input attr_keys array.
     *		attr_keys - in the attr_id field of each element, contains
     *            the attribute type id of the attribute instance(s)
     *            requested by this lookup. If the requested attribute
     *            type is associated with a query trigger, the attr_val
     *            field may be used to pass in optional information 
     *            required by the trigger query. If no information is
     *            to be passed in the attr_val field (whether the type
     *            indicates a trigger query or not), the attr_val
     *            encoding type should be set to
     *            sec_attr_enc_void.
     *            
     *    Out Parameters:
     *		attr_list - an attribute vector allocated by the server
     *		  containing all of the attributes matching the
     *		  search criteria.
     *
     */
    void sec_rgy_attr_get_effective (
	[in]		sec_rgy_handle_t	context,
	[in]		sec_rgy_domain_t	name_domain,
	[in]		sec_rgy_name_t		name,
        [in]		unsigned32		num_attr_keys,
        [in, size_is(num_attr_keys)]
			sec_attr_t		attr_keys[],
        [out, ref]	sec_attr_vec_t		*attr_list,
        [out]		error_status_t		*st_p
    );

}
